diff --git a/Admin/Routes/Web/Api.php b/Admin/Routes/Web/Api.php index 5d92b7a..1114e56 100644 --- a/Admin/Routes/Web/Api.php +++ b/Admin/Routes/Web/Api.php @@ -67,6 +67,56 @@ return [ ], ], + '^.*/accounting/coa/file(\?.*|$)$' => [ + [ + 'dest' => '\Modules\Accounting\Controller\ApiController:apiCoaDocumentCreate', + 'verb' => RouteVerb::PUT, + 'csrf' => true, + 'active' => true, + 'permission' => [ + 'module' => ApiController::NAME, + 'type' => PermissionType::CREATE, + 'state' => PermissionCategory::ACCOUNT, + ], + ], + ], + + '^.*/accounting/coa/note(\?.*|$)' => [ + [ + 'dest' => '\Modules\Accounting\Controller\ApiController:apiCoaNoteCreate', + 'verb' => RouteVerb::PUT, + 'csrf' => true, + 'active' => true, + 'permission' => [ + 'module' => ApiController::NAME, + 'type' => PermissionType::CREATE, + 'state' => PermissionCategory::ACCOUNT, + ], + ], + [ + 'dest' => '\Modules\Accounting\Controller\ApiController:apiCoaNoteUpdate', + 'verb' => RouteVerb::SET, + 'csrf' => true, + 'active' => true, + 'permission' => [ + 'module' => ApiController::NAME, + 'type' => PermissionType::MODIFY, + 'state' => PermissionCategory::ACCOUNT, + ], + ], + [ + 'dest' => '\Modules\Accounting\Controller\ApiController:apiNoteDelete', + 'verb' => RouteVerb::DELETE, + 'csrf' => true, + 'active' => true, + 'permission' => [ + 'module' => ApiController::NAME, + 'type' => PermissionType::DELETE, + 'state' => PermissionCategory::ACCOUNT, + ], + ], + ], + '^.*/accounting/costcenter(\?.*|$)' => [ [ 'dest' => '\Modules\Accounting\Controller\ApiController:apiCostCenterCreate', diff --git a/Controller/ApiController.php b/Controller/ApiController.php index dc10132..6586365 100755 --- a/Controller/ApiController.php +++ b/Controller/ApiController.php 
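Review bot: All three `coa/note` entries gate on `PermissionCategory::ACCOUNT`, but the update and delete handlers added in this commit check `PermissionCategory::NOTE` against the note id, so a caller needs two different grants and the route table gives no hint of that. A comment on the SET and DELETE entries such as `// handler additionally requires PermissionCategory::NOTE on the note id` would document it; note that create is covered by the ACCOUNT grant alone. The `coa/file` route dispatches to `apiCoaDocumentCreate`, which none of the visible hunks add, so confirm that the method already exists on the controller. As style points, the DELETE entry targets `apiNoteDelete` rather than an `apiCoa…` name like its siblings, and the `coa/file` pattern ends in `(\?.*|$)$` while the neighbouring patterns end in `(\?.*|$)`.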
@@ -25,6 +25,7 @@ use Modules\Accounting\Models\CostObject; use Modules\Accounting\Models\CostObjectL11nMapper; use Modules\Accounting\Models\CostObjectMapper; use Modules\Accounting\Models\NullAccountAbstract; +use Modules\Accounting\Models\PermissionCategory; use Modules\Accounting\Models\Posting; use Modules\Accounting\Models\PostingElement; use Modules\Accounting\Models\PostingMapper; @@ -35,11 +36,13 @@ use Modules\Billing\Models\BillStatus; use Modules\Finance\Models\TaxCodeMapper; use Modules\ItemManagement\Models\Attribute\ItemAttributeTypeMapper; use Modules\ItemManagement\Models\Attribute\ItemAttributeValueMapper; +use phpOMS\Account\PermissionType; use phpOMS\Localization\BaseStringL11n; use phpOMS\Localization\ISO639x1Enum; use phpOMS\Message\Http\HttpRequest; use phpOMS\Message\Http\HttpResponse; use phpOMS\Message\Http\RequestStatusCode; +use phpOMS\Message\NotificationLevel; use phpOMS\Message\RequestAbstract; use phpOMS\Message\ResponseAbstract; use phpOMS\Model\Message\FormValidation; 
@@ -1305,4 +1308,123 @@ final class ApiController extends Controller return []; } + + /** + * Api method to create Note + * + * @param RequestAbstract $request Request + * @param ResponseAbstract $response Response + * @param array $data Generic data + * + * @return void + * + * @api + * + * @since 1.0.0 + */ + public function apiCoaNoteCreate(RequestAbstract $request, ResponseAbstract $response, array $data = []) : void + { + if (!empty($val = $this->validateCoaNoteCreate($request))) { + $response->header->status = RequestStatusCode::R_400; + $this->createInvalidCreateResponse($request, $response, $val); + + return; + } + + $request->setData('virtualpath', '/Modules/Accounting/Account/' . $request->getData('ref'), true); + $this->app->moduleManager->get('Editor', 'Api')->apiEditorCreate($request, $response, $data); + + if ($response->header->status !== RequestStatusCode::R_200) { + return; + } + + $responseData = $response->getDataArray($request->uri->__toString()); + if (!\is_array($responseData)) { + return; + } + + $model = $responseData['response']; + $this->createModelRelation($request->header->account, (int) $request->getData('ref'), $model->id, AccountAbstractMapper::class, 'notes', '', $request->getOrigin()); + } + + /** + * Validate note create request + * + * @param RequestAbstract $request Request + * + * @return array + * + * @since 1.0.0 + */ + private function validateCoaNoteCreate(RequestAbstract $request) : array + { + $val = []; + if (($val['ref'] = !$request->hasData('ref')) + ) { + return $val; + } + + return []; + } + + /** + * Api method to update Note + * + * @param RequestAbstract $request Request + * @param ResponseAbstract $response Response + * @param array $data Generic data + * + * @return void + * + * @api + * + * @since 1.0.0 + */ + public function apiCoaNoteUpdate(RequestAbstract $request, ResponseAbstract $response, array $data = []) : void + { + $accountId = $request->header->account; + if 
(!$this->app->accountManager->get($accountId)->hasPermission( + PermissionType::MODIFY, $this->app->unitId, $this->app->appId, self::NAME, PermissionCategory::NOTE, $request->getDataInt('id')) + ) { + $this->fillJsonResponse( + $request, $response, + NotificationLevel::ERROR, '', + $this->app->l11nManager->getText($response->header->l11n->language, '0', '0', 'InvalidPermission'), + [] + ); + $response->header->status = RequestStatusCode::R_403; + + return; + } + + $this->app->moduleManager->get('Editor', 'Api')->apiEditorUpdate($request, $response, $data); + } + + /** + * Api method to delete Note + * + * @param RequestAbstract $request Request + * @param ResponseAbstract $response Response + * @param array $data Generic data + * + * @return void + * + * @api + * + * @since 1.0.0 + */ + public function apiNoteDelete(RequestAbstract $request, ResponseAbstract $response, array $data = []) : void + { + $accountId = $request->header->account; + if (!$this->app->accountManager->get($accountId)->hasPermission( + PermissionType::DELETE, $this->app->unitId, $this->app->appId, self::NAME, PermissionCategory::NOTE, $request->getDataInt('id')) + ) { + $this->fillJsonResponse($request, $response, NotificationLevel::HIDDEN, '', '', []); + $response->header->status = RequestStatusCode::R_403; + + return; + } + + $this->app->moduleManager->get('Editor', 'Api')->apiEditorDelete($request, $response, $data); + } } diff --git a/Models/PermissionCategory.php b/Models/PermissionCategory.php index 4a0edbe..91b22ca 100755 --- a/Models/PermissionCategory.php +++ b/Models/PermissionCategory.php @@ -47,4 +47,6 @@ abstract class PermissionCategory extends Enum public const SUPPLIER = 10; public const CLIENT = 11; + + public const NOTE = 12; } diff --git a/Theme/Backend/coa-view.tpl.php b/Theme/Backend/coa-view.tpl.php index fa5f220..9a1aebd 100644 --- a/Theme/Backend/coa-view.tpl.php +++ b/Theme/Backend/coa-view.tpl.php 
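Review bot: In `apiCoaNoteCreate` the `ref` value is only checked for presence and is then concatenated unmodified into `virtualpath`, while the relation below uses `(int) $request->getData('ref')`; a non-numeric or path-like `ref` therefore stores the note under a caller-chosen path and relates it to account 0 or a truncated id. Validating it as a positive integer in `validateCoaNoteCreate`, e.g. `if (($val['ref'] = ($request->getDataInt('ref') ?? 0) < 1))`, and building the path with `'/Modules/Accounting/Account/' . $request->getDataInt('ref')` keeps the path and the relation in agreement. Nothing visible confirms that the referenced account exists or that the caller may attach notes to that particular account. `apiCoaNoteUpdate` and `apiNoteDelete` check `PermissionCategory::NOTE` on `id` and then forward to the Editor module without verifying that the document is related to an accounting account, so unless the Editor handlers enforce that themselves, a broad NOTE grant reaches any editor document through these routes; the delete path also appears to leave the `notes` relation row behind. `$responseData['response']` is dereferenced as an object with no check on the key or its type.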
@@ -51,7 +51,8 @@ echo $this->data['nav']->render(); ?> data['l11nView']->render( $this->data['l11nValues'], [], - '{/api}accounting/coa/l11n?csrf={$CSRF}' + '{/api}accounting/coa/l11n?csrf={$CSRF}', + (string) $account->id ); ?> diff --git a/Theme/Backend/costcenter-view.tpl.php b/Theme/Backend/costcenter-view.tpl.php index f7227c1..8fe19b2 100644 --- a/Theme/Backend/costcenter-view.tpl.php +++ b/Theme/Backend/costcenter-view.tpl.php @@ -54,7 +54,8 @@ echo $this->data['nav']->render(); ?> data['l11nView']->render( $this->data['l11nValues'], [], - '{/api}accounting/costcenter/l11n?csrf={$CSRF}' + '{/api}accounting/costcenter/l11n?csrf={$CSRF}', + (string) $costcenter->id ); ?> diff --git a/Theme/Backend/costobject-view.tpl.php b/Theme/Backend/costobject-view.tpl.php index bbfc033..69f73ca 100644 --- a/Theme/Backend/costobject-view.tpl.php +++ b/Theme/Backend/costobject-view.tpl.php @@ -54,7 +54,8 @@ echo $this->data['nav']->render(); ?> data['l11nView']->render( $this->data['l11nValues'], [], - '{/api}accounting/costobject/l11n?csrf={$CSRF}' + '{/api}accounting/costobject/l11n?csrf={$CSRF}', + (string) $costobject->id ); ?> diff --git a/Theme/Backend/personal-view.tpl.php b/Theme/Backend/personal-view.tpl.php index 1f435ff..6bf7a71 100644 --- a/Theme/Backend/personal-view.tpl.php +++ b/Theme/Backend/personal-view.tpl.php @@ -547,12 +547,12 @@ echo $this->data['nav']->render(); ?> request->uri->fragment === 'c-tab-5' ? ' checked' : ''; ?>>
- data['media-upload']->render('account-file', 'files', '', $account->files); ?> + data['media-upload']->render('account-file', 'files', '', $account->files, '{/api}accounting/coa/file?csrf={$CSRF}', (string) $account->id); ?>
request->uri->fragment === 'c-tab-6' ? ' checked' : ''; ?>>
- data['note']->render('account-note', 'notes', $account->notes); ?> + data['note']->render('account-note', 'notes', $account->notes, '{/api}accounting/coa/note?csrf={$CSRF}', (string) $account->id); ?>